it has taken over my email


Post by tricia9000 on 18th November 2010, 7:15 am

My email account has been sending emails to people saying the following:


how are you ?
Just received my iphone 3gs 32gb from this website -removed-. much cheaper than others and genuine . if you would like to get one,you can check it out,
all the best for 2010
Regards.

It had to send out at least 20 emails last night.
HELP!!!!!!

Tricia


Re: it has taken over my email

Post by Belahzur on 19th November 2010, 12:49 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



Re: it has taken over my email

Post by tricia9000 on 19th November 2010, 2:42 am

OTL logfile created on: 11/18/2010 8:01:36 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Shorty\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.48 Gb Total Space | 538.92 Gb Free Space | 92.68% Space Free | Partition Type: NTFS

Computer Name: SHORTY-PC | User Name: Shorty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/18 19:59:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Shorty\Desktop\OTL.exe
PRC - [2010/11/09 09:40:33 | 002,069,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/11/09 09:40:03 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/08/25 06:27:33 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
PRC - [2010/07/21 07:43:17 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/07/15 08:34:31 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/31 10:42:56 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2010/03/04 11:28:08 | 000,658,656 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/02/01 23:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/01 23:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/06/24 20:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/24 16:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/18 21:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2006/06/22 13:15:48 | 000,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe


========== Modules (SafeList) ==========

MOD - [2010/11/18 19:59:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Shorty\Desktop\OTL.exe
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2010/10/06 10:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/07/21 07:43:17 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 08:34:31 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 11:28:08 | 000,658,656 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe -- (SftService)
SRV - [2009/12/17 12:46:44 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 20:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/07/15 08:34:36 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/15 08:33:56 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/06/06 01:57:51 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/03/04 12:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/09 20:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/08/13 20:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/06 01:29:38 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/14 01:52:08 | 000,100,864 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viacr64.sys -- (VIACRX64)
DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/06 01:50:21 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Shorty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Shorty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O4 - Startup: C:\Users\Shorty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} [You must be registered and logged in to see this link.] (Microsoft Office Template and Media Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} [You must be registered and logged in to see this link.] (Imikimi_activex_plugin Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/18 19:59:25 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Shorty\Desktop\OTL.exe
[2010/11/11 03:00:54 | 000,000,000 | ---D | C] -- C:\1aa737239067f69140093a
[2010/11/07 14:43:19 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Roaming\skypePM
[2010/11/07 14:41:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/11/07 14:41:55 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010/11/07 14:41:55 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Roaming\Skype
[2010/11/07 14:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/10/28 23:55:53 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mswinsck.ocx
[2010/10/28 23:55:43 | 002,267,368 | ---- | C] (Adobe Systems, Inc.) -- C:\Windows\SysWow64\Flash9d.ocx
[2010/10/28 23:55:07 | 000,000,000 | ---D | C] -- C:\LogoSmartz Trial
[2010/10/28 21:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EZ Calendar - Nature
[2010/10/28 21:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EZ Fonts
[2010/10/28 21:45:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2010/10/27 21:57:31 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Roaming\SolidDocuments
[2010/10/27 21:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SolidDocuments
[2010/10/27 20:45:09 | 000,438,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mshflxgd.ocx
[2010/10/27 20:45:08 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Richtx32.ocx
[2010/10/27 20:45:08 | 000,196,608 | ---- | C] (1-2-3PDFConverter) -- C:\Windows\SysWow64\Utility.dll
[2010/10/27 20:45:08 | 000,117,507 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Msinet.ocx
[2010/10/27 20:45:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\gs
[2010/10/27 20:44:57 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbar332.dll
[2010/10/27 20:08:42 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Roaming\GIRDAC
[2010/10/27 20:08:42 | 000,000,000 | ---D | C] -- C:\GIRDAC
[2010/10/27 20:03:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIRDAC PDF Converter Ultimate
[2010/10/27 19:50:12 | 000,000,000 | ---D | C] -- C:\Users\Shorty\AppData\Roaming\Downloaded Installations
[2010/10/26 16:24:10 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/10/26 16:24:10 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/10/26 16:24:10 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/10/26 16:24:10 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/10/26 16:24:10 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/10/26 16:24:10 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/10/26 16:24:10 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/10/26 16:24:05 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010/05/03 22:40:14 | 000,040,960 | ---- | C] ( ) -- C:\Windows\Interop.OR4PhotoComponent.dll
[2010/03/16 02:22:53 | 000,040,960 | ---- | C] ( ) -- C:\Windows\SysWow64\MACTrackBarLib.dll
[2010/02/12 07:48:00 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Shorty\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2010/11/18 19:59:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Shorty\Desktop\OTL.exe
[2010/11/18 19:18:42 | 067,809,455 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/11/18 19:15:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/07 14:43:21 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/11/07 14:41:56 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/11/05 08:27:44 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/05 08:27:44 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/04 08:52:48 | 000,000,162 | -H-- | M] () -- C:\Users\Shorty\Documents\~$nquet book.dotx
[2010/10/30 10:41:30 | 3193,544,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/29 08:10:00 | 000,029,275 | ---- | M] () -- C:\Users\Shorty\Documents\Banquet book2.dotm
[2010/10/29 07:56:57 | 003,888,684 | ---- | M] () -- C:\Users\Shorty\Documents\banquet book.dotx
[2010/10/28 21:50:20 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\EZ Calendar - Nature.lnk
[2010/10/28 21:45:38 | 000,001,912 | ---- | M] () -- C:\Users\Shorty\Desktop\Click to Find and Fix Errors.lnk
[2010/10/21 16:44:26 | 000,438,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Mshflxgd.ocx

========== Files Created - No Company Name ==========

[2010/11/07 14:43:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/07 14:41:56 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/11/04 08:52:48 | 000,000,162 | -H-- | C] () -- C:\Users\Shorty\Documents\~$nquet book.dotx
[2010/10/29 08:10:00 | 000,029,275 | ---- | C] () -- C:\Users\Shorty\Documents\Banquet book2.dotm
[2010/10/29 07:56:56 | 003,888,684 | ---- | C] () -- C:\Users\Shorty\Documents\banquet book.dotx
[2010/10/28 21:50:20 | 000,000,893 | ---- | C] () -- C:\Users\Public\Desktop\EZ Calendar - Nature.lnk
[2010/10/28 21:45:38 | 000,001,912 | ---- | C] () -- C:\Users\Shorty\Desktop\Click to Find and Fix Errors.lnk
[2010/10/27 21:55:59 | 000,024,576 | ---- | C] () -- C:\Windows\SysNative\solidlocalmon.dll
[2010/10/27 21:55:59 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\solidlocalui.dll
[2010/10/27 20:45:09 | 000,051,604 | ---- | C] () -- C:\Windows\SysWow64\Adist5k.ppd
[2010/05/03 22:40:15 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\LLHttpsUpload2.dll
[2010/05/03 22:40:14 | 000,032,768 | ---- | C] () -- C:\Windows\AxInterop.OR4PhotoComponent.dll
[2010/03/16 02:22:56 | 002,592,768 | ---- | C] () -- C:\Windows\SysWow64\InvestintechConversionDLL.dll
[2010/03/16 02:21:56 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\regobj.dll
[2010/03/16 02:21:55 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\LWLLHttpsUpload2.dll
[2010/02/22 02:10:18 | 000,001,688 | ---- | C] () -- C:\Users\Shorty\AppData\Roaming\wklnhst.dat
[2010/02/12 15:00:29 | 000,017,072 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

< End of report >





OTL Extras logfile created on: 11/18/2010 8:01:36 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Shorty\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.48 Gb Total Space | 538.92 Gb Free Space | 92.68% Space Free | Partition Type: NTFS

Computer Name: SHORTY-PC | User Name: Shorty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{181AC4C7-B83C-4B5F-B566-E19BF2472429}" = HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{8F790958-2107-48F2-88E0-B352A0C225AB}" = iTunes
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010F7E2B-9ACA-4D31-B87C-09EC5CC8D3F1}" = TurboTax 2008 winiper
"{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}" = EZ Fonts
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{37EBB600-EAA2-012B-AD89-000000000000}" = TurboTax 2009 wiliper
"{385E26E0-EAA2-012B-ADA5-000000000000}" = TurboTax 2009 winiper
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3AC785C0-EAA2-012B-AE3B-000000000000}" = TurboTax 2009 wneiper
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{420C7754-7758-49F5-807A-A3F9F2790704}" =
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{50DECEE8-63A6-4EE0-8EDD-655A01B16D28}" = OfficeReadyToolBarSetup
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6A905A05-964C-4F03-9A96-D34167807EC0}" = PS_AIO_06_C309g-m_SW_Min
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7A27AAF5-1FD6-48B4-95C4-7354A1C35455}" = C309g-m
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{a71b2005-36ef-4ee5-8059-02deb367cb98}" = EZ Calendar - Nature
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E39DF86F-3540-4DD8-BBF0-CA9864FC8CC9}" = OfficeReady 4.0 Platinum
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E4C07CAB-99A1-4177-8EA1-67B0FE6474C8}" = TurboTax 2008 wiliper
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Amyuni PDF Converter" = Amyuni PDF Converter
"AVG9Uninstall" = AVG Free 9.0
"Dell Webcam Central" = Dell Webcam Central
"FrostWire" = FrostWire 4.18.6
"GoToAssist" = GoToAssist 8.0.0.514
"Imikimi Plugin" = Imikimi Plugin
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Premier 2004" = TurboTax Premier 2004
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/3/2010 5:00:53 PM | Computer Name = Shorty-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2663748

Error - 11/3/2010 5:00:54 PM | Computer Name = Shorty-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/3/2010 5:00:54 PM | Computer Name = Shorty-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2664778

Error - 11/3/2010 5:00:54 PM | Computer Name = Shorty-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2664778

Error - 11/3/2010 5:00:55 PM | Computer Name = Shorty-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/3/2010 5:00:55 PM | Computer Name = Shorty-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2665792

Error - 11/3/2010 5:00:55 PM | Computer Name = Shorty-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2665792

Error - 11/3/2010 5:00:56 PM | Computer Name = Shorty-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/3/2010 5:00:56 PM | Computer Name = Shorty-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2666806

Error - 11/3/2010 5:00:56 PM | Computer Name = Shorty-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2666806

[ Media Center Events ]
Error - 8/1/2010 9:56:12 AM | Computer Name = Shorty-PC | Source = MCUpdate | ID = 0
Description = 8:56:10 AM - Failed to retrieve SportsSchedule (Error: Unable to connect
to the remote server)

Error - 8/1/2010 9:56:14 AM | Computer Name = Shorty-PC | Source = MCUpdate | ID = 0
Description = 8:56:13 AM - Failed to retrieve SportsV2 (Error: Unable to connect
to the remote server)

Error - 8/1/2010 9:56:16 AM | Computer Name = Shorty-PC | Source = MCUpdate | ID = 0
Description = 8:56:15 AM - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

Error - 8/1/2010 6:39:17 PM | Computer Name = Shorty-PC | Source = MCUpdate | ID = 0
Description = 5:39:17 PM - Failed to retrieve Directory (Error: Unable to connect
to the remote server)

Error - 8/1/2010 6:39:21 PM | Computer Name = Shorty-PC | Source = MCUpdate | ID = 0
Description = 5:39:20 PM - Failed to retrieve NetTV (Error: Unable to connect to
the remote server)

Error - 8/1/2010 6:39:23 PM | Computer Name = Shorty-PC | Source = MCUpdate | ID = 0
Description = 5:39:22 PM - Failed to retrieve MCEClientUX (Error: Unable to connect
to the remote server)

Error - 8/1/2010 6:39:26 PM | Computer Name = Shorty-PC | Source = MCUpdate | ID = 0
Description = 5:39:25 PM - Failed to retrieve SportsSchedule (Error: Unable to connect
to the remote server)

Error - 8/1/2010 6:39:28 PM | Computer Name = Shorty-PC | Source = MCUpdate | ID = 0
Description = 5:39:27 PM - Failed to retrieve SportsV2 (Error: Unable to connect
to the remote server)

Error - 8/1/2010 6:39:31 PM | Computer Name = Shorty-PC | Source = MCUpdate | ID = 0
Description = 5:39:29 PM - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

Error - 8/4/2010 6:20:12 AM | Computer Name = Shorty-PC | Source = MCUpdate | ID = 0
Description = 5:20:12 AM - Error connecting to the internet. 5:20:12 AM - Unable
to contact server..

[ System Events ]
Error - 11/2/2010 1:55:26 PM | Computer Name = Shorty-PC | Source = DCOM | ID = 10016
Description =

Error - 11/2/2010 1:55:37 PM | Computer Name = Shorty-PC | Source = DCOM | ID = 10016
Description =

Error - 11/2/2010 7:59:23 PM | Computer Name = Shorty-PC | Source = DCOM | ID = 10016
Description =

Error - 11/2/2010 9:03:12 PM | Computer Name = Shorty-PC | Source = DCOM | ID = 10016
Description =

Error - 11/2/2010 10:02:55 PM | Computer Name = Shorty-PC | Source = DCOM | ID = 10016
Description =

Error - 11/3/2010 9:17:52 AM | Computer Name = Shorty-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 11/3/2010 11:06:37 AM | Computer Name = Shorty-PC | Source = DCOM | ID = 10016
Description =

Error - 11/3/2010 5:02:56 PM | Computer Name = Shorty-PC | Source = DCOM | ID = 10016
Description =

Error - 11/3/2010 5:23:39 PM | Computer Name = Shorty-PC | Source = DCOM | ID = 10016
Description =

Error - 11/3/2010 8:57:00 PM | Computer Name = Shorty-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{9F853821-BC0B-4581-A16A-4260348F013D}
because another computer on the network has the same name. The server could not
start.


< End of report >


Re: it has taken over my email

Post by Belahzur on 20th November 2010, 12:58 am

Hello.

Download MBRCheck.exe to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop.
  • Open this report and post its content in your next reply.



Re: it has taken over my email

Post by tricia9000 on 21st November 2010, 1:16 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron One 19A
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 197):
0x02A68000 \SystemRoot\system32\ntoskrnl.exe
0x02A1F000 \SystemRoot\system32\hal.dll
0x00BC9000 \SystemRoot\system32\kdcom.dll
0x00C8B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CCF000 \SystemRoot\system32\PSHED.dll
0x00CE3000 \SystemRoot\system32\CLFS.SYS
0x00EAA000 \SystemRoot\system32\CI.dll
0x00E00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F6A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F79000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FD0000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FD9000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00D41000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FE3000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00D74000 \SystemRoot\System32\drivers\partmgr.sys
0x00D89000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D9E000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FF0000 \SystemRoot\system32\DRIVERS\intelide.sys
0x00C00000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00FF8000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00C10000 \SystemRoot\System32\drivers\mountmgr.sys
0x00C2A000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00C33000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00C5D000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x010C1000 \SystemRoot\system32\drivers\fltmgr.sys
0x0110D000 \SystemRoot\system32\drivers\fileinfo.sys
0x01121000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01219000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0112D000 \SystemRoot\System32\Drivers\msrpc.sys
0x013BC000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0118B000 \SystemRoot\System32\Drivers\cng.sys
0x013D6000 \SystemRoot\System32\drivers\pcw.sys
0x013E7000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014DB000 \SystemRoot\system32\drivers\ndis.sys
0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x0148B000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x015CD000 \SystemRoot\System32\Drivers\spldr.sys
0x01000000 \SystemRoot\System32\drivers\rdyboost.sys
0x015D5000 \SystemRoot\System32\Drivers\mup.sys
0x015E7000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0103A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01200000 \SystemRoot\system32\DRIVERS\disk.sys
0x01074000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02865000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0288F000 \SystemRoot\System32\Drivers\Null.SYS
0x02898000 \SystemRoot\System32\Drivers\Beep.SYS
0x0289F000 \SystemRoot\System32\drivers\vga.sys
0x028AD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x028D2000 \SystemRoot\System32\drivers\watchdog.sys
0x028E2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x028EB000 \SystemRoot\system32\drivers\rdpencdd.sys
0x028F4000 \SystemRoot\system32\drivers\rdprefmp.sys
0x028FD000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02908000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03600000 \SystemRoot\System32\drivers\tcpip.sys
0x02919000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x02963000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02981000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x0298E000 \SystemRoot\System32\Drivers\avgtdia.sys
0x02800000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03847000 \SystemRoot\system32\drivers\afd.sys
0x038D1000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x038DA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03900000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0390F000 \SystemRoot\system32\DRIVERS\serial.sys
0x0392C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03947000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0395B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x039AC000 \SystemRoot\system32\drivers\nsiproxy.sys
0x039B8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x039C3000 \SystemRoot\System32\drivers\discache.sys
0x039D2000 \SystemRoot\System32\Drivers\dfsc.sys
0x03800000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03811000 \SystemRoot\System32\Drivers\avgmfx64.sys
0x03A03000 \SystemRoot\System32\Drivers\avgldx64.sys
0x03A4A000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03A70000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04437000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x03A86000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04B3F000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04B85000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04BA9000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x04400000 \SystemRoot\system32\DRIVERS\viacr64.sys
0x03B7A000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x03B9A000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x0441D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03E06000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03E5C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03E6D000 \SystemRoot\system32\DRIVERS\serenum.sys
0x03E79000 \SystemRoot\system32\DRIVERS\parport.sys
0x03E96000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x03EA3000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03EB3000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03EC9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03EED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03EF9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03F28000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03F43000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03F64000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03F7E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03F8D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03F9C000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03F9E000 \SystemRoot\system32\DRIVERS\ks.sys
0x03FE1000 \SystemRoot\system32\DRIVERS\umbus.sys
0x052F6000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05350000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05200000 \SystemRoot\system32\drivers\CHDRT64.sys
0x052AC000 \SystemRoot\system32\drivers\portcls.sys
0x05365000 \SystemRoot\system32\drivers\drmk.sys
0x05387000 \SystemRoot\system32\drivers\ksthunk.sys
0x000B0000 \SystemRoot\System32\win32k.sys
0x0538D000 \SystemRoot\System32\drivers\Dxapi.sys
0x05399000 \SystemRoot\system32\DRIVERS\monitor.sys
0x053A7000 \SystemRoot\System32\Drivers\crashdmp.sys
0x053B5000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x053C1000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x053CA000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x053DD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x053FA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03819000 \SystemRoot\System32\Drivers\usbvideo.sys
0x01C82000 \SystemRoot\system32\DRIVERS\CtClsFlt.sys
0x005A0000 \SystemRoot\System32\TSDDD.dll
0x01CAD000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x01CBB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x01CD4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x01CDD000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x01CEB000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x01D72000 \SystemRoot\system32\drivers\luafv.sys
0x01D95000 \SystemRoot\system32\drivers\WudfPf.sys
0x01DB6000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x01DCB000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x03093000 \SystemRoot\system32\drivers\HTTP.sys
0x0315B000 \SystemRoot\system32\DRIVERS\bowser.sys
0x03179000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03191000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03000000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0304E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x058C9000 \SystemRoot\system32\drivers\peauth.sys
0x0596F000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0597A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x059A7000 \SystemRoot\System32\drivers\tcpipreg.sys
0x05800000 \SystemRoot\System32\DRIVERS\srv2.sys
0x05C59000 \SystemRoot\System32\DRIVERS\srv.sys
0x05D20000 \SystemRoot\System32\Drivers\fastfat.SYS
0x05D56000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x05D74000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x05D85000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x05D91000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x05DA1000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x05DC9000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x05DE4000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
0x05C00000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x00860000 \SystemRoot\System32\ATMFD.DLL
0x05C31000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x05867000 \SystemRoot\system32\DRIVERS\udfs.sys
0x00690000 \SystemRoot\System32\cdd.dll
0x776D0000 \Windows\System32\ntdll.dll
0x48560000 \Windows\System32\smss.exe
0xFF9F0000 \Windows\System32\apisetschema.dll
0xFF0A0000 \Windows\System32\autochk.exe
0xFF940000 \Windows\System32\msvcrt.dll
0xFF860000 \Windows\System32\oleaut32.dll
0xFF850000 \Windows\System32\nsi.dll
0xFF7D0000 \Windows\System32\shlwapi.dll
0xFF760000 \Windows\System32\gdi32.dll
0xFF690000 \Windows\System32\usp10.dll
0xFF480000 \Windows\System32\ole32.dll
0xFF450000 \Windows\System32\imm32.dll
0x775B0000 \Windows\System32\kernel32.dll
0x778A0000 \Windows\System32\normaliz.dll
0xFF3B0000 \Windows\System32\clbcatq.dll
0xFF390000 \Windows\System32\sechost.dll
0xFF280000 \Windows\System32\msctf.dll
0xFF260000 \Windows\System32\imagehlp.dll
0xFF080000 \Windows\System32\setupapi.dll
0xFE2F0000 \Windows\System32\shell32.dll
0xFE2A0000 \Windows\System32\Wldap32.dll
0xFE170000 \Windows\System32\rpcrt4.dll
0x77890000 \Windows\System32\psapi.dll
0xFE160000 \Windows\System32\lpk.dll
0xFE110000 \Windows\System32\ws2_32.dll
0xFDEB0000 \Windows\System32\iertutil.dll
0xFDD30000 \Windows\System32\urlmon.dll
0xFDCB0000 \Windows\System32\difxapi.dll
0xFDC10000 \Windows\System32\comdlg32.dll
0x774B0000 \Windows\System32\user32.dll
0xFDAE0000 \Windows\System32\wininet.dll
0xFDA00000 \Windows\System32\advapi32.dll
0xFD990000 \Windows\System32\KernelBase.dll
0xFD970000 \Windows\System32\devobj.dll
0xFD800000 \Windows\System32\crypt32.dll
0xFD7C0000 \Windows\System32\cfgmgr32.dll
0xFD780000 \Windows\System32\wintrust.dll
0xFD6E0000 \Windows\System32\comctl32.dll
0xFD6D0000 \Windows\System32\msasn1.dll
0x76100000 \Windows\SysWOW64\normaliz.dll

Processes (total 106):
0 System Idle Process
4 System
276 C:\Windows\System32\smss.exe
384 csrss.exe
452 C:\Windows\System32\wininit.exe
464 csrss.exe
548 C:\Windows\System32\services.exe
556 C:\Windows\System32\lsass.exe
564 C:\Windows\System32\lsm.exe
660 C:\Windows\System32\winlogon.exe
856 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
380 C:\Windows\System32\svchost.exe
908 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1236 C:\Program Files\Dell\DellDock\DockLogin.exe
1400 C:\Windows\System32\svchost.exe
1512 C:\Windows\System32\spoolsv.exe
1540 C:\Windows\System32\svchost.exe
1648 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1700 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1772 C:\Windows\System32\svchost.exe
1812 C:\Windows\SysWOW64\svchost.exe
1924 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2024 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
1080 C:\Windows\System32\svchost.exe
2860 C:\Windows\System32\svchost.exe
1676 C:\Windows\System32\taskhost.exe
1372 C:\Windows\System32\dwm.exe
2764 C:\Windows\explorer.exe
3300 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
3480 C:\Windows\System32\igfxtray.exe
3488 C:\Windows\System32\hkcmd.exe
3496 C:\Windows\System32\igfxpers.exe
3536 C:\Windows\System32\igfxsrvc.exe
3592 C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
3620 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
3676 C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
3684 C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
3700 C:\Program Files\Dell\DellDock\DellDock.exe
3752 C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
3788 C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
3808 C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
3872 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
3888 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
3964 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
4012 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
4052 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4392 C:\Program Files\iPod\bin\iPodService.exe
4556 C:\Windows\System32\SearchIndexer.exe
4684 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
4772 C:\Program Files\Windows Media Player\wmpnetwk.exe
4804 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
4992 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
4588 C:\Windows\System32\svchost.exe
5832 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
4056 C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
3060 C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
5252 WUDFHost.exe
7012 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
3864 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
3400 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
8340 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
4932 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
2008 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
9868 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
4988 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
1436 C:\Windows\System32\taskhost.exe
10088 csrss.exe
11744 C:\Windows\System32\winlogon.exe
11484 taskhost.exe
10184 dwm.exe
7904 explorer.exe
11708 hkcmd.exe
12132 igfxpers.exe
2592 hpqtra08.exe
8004 igfxsrvc.exe
12228 DellDock.exe
2216 PDVDDXSrv.exe
11060 WebcamDell2.exe
11348 RoxioBurnLauncher.exe
9712 sprtcmd.exe
11908 avgtray.exe
10968 hpwuSchd2.exe
2324 iTunesHelper.exe
11320 hpqste08.exe
12420 hpqbam08.exe
12696 hpqgpc01.exe
11048 C:\Program Files (x86)\Internet Explorer\iexplore.exe
9948 C:\Program Files (x86)\Internet Explorer\iexplore.exe
5764 C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
8324 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
588 C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
11660 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
12752 C:\Windows\System32\svchost.exe
9176 C:\Windows\splwow64.exe
11460 C:\Windows\System32\svchost.exe
7916 C:\Windows\System32\wuauclt.exe
2424 dsc.exe
13060 C:\Program Files (x86)\Internet Explorer\iexplore.exe
5844 C:\Windows\System32\audiodg.exe
12736 C:\Windows\System32\msiexec.exe
11920 C:\Users\Shorty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SDKJISOS\MBRCheck[1].exe
12944 C:\Windows\System32\conhost.exe
10704 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)

PhysicalDrive0 Model Number: WDCWD6400AAKS-75A7B2, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!




Re: it has taken over my email

Post by Belahzur on 21st November 2010, 8:16 pm

Hello.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: it has taken over my email

Post by tricia9000 on 23rd November 2010, 10:57 am

Hello,
My friend, I ran the scan and the results showed no threats/viruses. What is the next step?


Re: it has taken over my email

Post by Belahzur on 23rd November 2010, 10:19 pm

Hello.

I see that you are running FrostWire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    Adobe Reader 9.3
    Java(TM) 6 Update 18
    FrostWire 4.18.6

  • Click on the Uninstall/Change button at the top.

Then download and install [You must be registered and logged in to see this link.]

How is the machine running now?

